
Id hashes probably leak IP addresses, can be used to correlate users across hosts

Open jdpage opened this issue 3 years ago • 5 comments

My math (and my idea of your threat model) might be wrong here, but I'm guessing that you're displaying hashed IP addresses as ids so as not to publish people's IP addresses.

For IPv4, 8 characters of a sha256 hash is probably enough to get the address back, since that's 32 bits of entropy, and IPv4 addresses only have 32 bits of entropy to start with. It'd be pretty trivial to construct a rainbow table mapping 8-char hashes back to IPv4 addresses (it'd take a few hours and about <80GB of disk space), and I'd expect it to have very very few collisions. (I can test this if you'd like.)

Truncating the hash further or salting it with some server-side secret would fix this, if it's something you think needs fixing. Using a server-side secret would also prevent people from correlating ids across multiple hosts.

Apologies if this is something you've already thought of or isn't relevant to your threat model. Hope you have a lovely day, and thank you for making this!

jdpage avatar Jan 31 '21 04:01 jdpage

Hmm, I should've thought of this. Thanks for bringing it up. gemlikes is pretty much just a toy project, but salting would likely be a good idea. Perhaps it could just be a string variable in the config?

I'd be happy to take a PR for this.

makew0rld avatar Feb 14 '21 17:02 makew0rld

> Perhaps it could just be a string variable in the config?

I was thinking the same thing, but with the config file in the same directory as the binaries it may be publicly accessible.

I guess it depends on how the server is configured, but the one I'm using right now lets me download the toml file. 😭

steven-kraft avatar Feb 14 '21 21:02 steven-kraft

Ah no, you're right. Not sure what a good solution is then.

makew0rld avatar Feb 15 '21 17:02 makew0rld

Maybe instead of asking the user for a string, you could generate one and store it somewhere in the data folder? Or have the user put it there maybe? I'm thinking that should be safe, but I'm not 100% sure.

steven-kraft avatar Feb 16 '21 00:02 steven-kraft

Sounds good yep. Probably generating it if it doesn't exist is the way to go, and then just using it again and again.

Would be happy to have a PR for this.

makew0rld avatar Feb 17 '21 14:02 makew0rld
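
The approach the thread settles on (generate a secret in the data folder on first use, then reuse it), sketched as an added example that is not gemlikes' own code. It uses HMAC-SHA256 as the keyed hash; the function names, the `id_secret` file name and the sample address are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// loadOrCreateSecret reads dataDir/id_secret (hypothetical name), creating it on first use.
func loadOrCreateSecret(dataDir string) ([]byte, error) {
	path := filepath.Join(dataDir, "id_secret")
	secret, err := os.ReadFile(path)
	if errors.Is(err, os.ErrNotExist) {
		secret = make([]byte, 32)
		if _, err = rand.Read(secret); err != nil {
			return nil, err
		}
		err = os.WriteFile(path, secret, 0o600) // readable by the owner only
	}
	if err == nil && len(secret) != 32 {
		err = fmt.Errorf("%s: unexpected secret length %d", path, len(secret))
	}
	return secret, err
}

// displayID is the 8-hex-char id: a truncated HMAC, not a bare sha256 of the IP.
func displayID(secret []byte, ip string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(ip))
	return hex.EncodeToString(mac.Sum(nil))[:8]
}

func main() {
	dir, err := os.MkdirTemp("", "gemlikes-data") // constructed stand-in for the data folder
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	secret, err := loadOrCreateSecret(dir)
	if err != nil {
		panic(err)
	}
	fmt.Println(displayID(secret, "203.0.113.7")) // constructed documentation address
}
```

Without the secret file, a precomputed table over the IPv4 space no longer maps ids back to addresses, and two hosts with different secrets give the same visitor unrelated ids. This only holds if the data folder is not served to clients, which is the same concern raised above about the config file.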